 Your SSH honeypot fakes a Linux system and logs the threat actor's commands. My SSH honeypot hijacks the threat actor's terminal to play the music video of Rick Astley's 1987 pop hit "Never Gonna Give You Up" while ignoring Ctrl-C. We are not the same. 57 comments
Oh, I didn't compile with @jjacobsson I got it working last night, shitposted about it and went to bed. Will post the code in the next couple of weeks. I don't use container stuff, and it's Rust so you can just compile it to a single binary anyway. @ryanc _nice_ Having exactly 0 experience with running a honeypot so I did some googling and realized that is more complicated than I initially thought :D But I need to see this. @jjacobsson the video itself viewable via
No sound, but the whole thing is subtitled. @jjacobsson It's pretty amazing how good it looks when you spam the terminal with unicode and 24 bit color escape sequences  @ryanc If you want to spend ABSOLUTELY way too much effort on this, there IS a way to compress this. You can use console escape codes to update only the parts of the screen which are changing. This is a lost art, but some implementations survive (Emacs notably does this). Do some motion estimation. In rectangular regions that coherently move vertically you could set a scroll region and just scroll that area.   @ryanc You should be able to set the newline conversion mode on the pty with stty/tcsetattr.  This is funny. I wrote a SSH server that writes out the script to Hackers while ignoring Ctrl-C.  I tried getting ffmpeg to output Hackers through caca but it wasn't super easy as you need to render each frame from the nurses driver. @ryanc@infosec.exchange Nice, please share that script... Would love to setup a hp-account for that @ryanc@infosec.exchange SSH honeypot that hijacks the remote terminal to play the portal 1 ending, with music     @ryanc I now lowkey wish RickrollMEMZ was a thing Hijack the machine to display the video (and crash the system once the video is over) and also trash the BIOS to show the Rick Astley on boot.  @ryanc so since no one asked, I'll volunteer: do you have this software hosted on a gitsomething somewhere? @unexpectedteapot I'll post it eventually, but probably not the animation file (it's 50MB) I basically mashed this together with russh: https://github.com/ryancdotorg/ansi-player-rs/blob/main/src/main.rs You can see the animation via
    @ryanc Not doing a real #hackback? Ohh... That's cute....    |
Gregory's Server
The CPU usage of this thing is absurd. Doesn't help that my files are encoded with "\n" newlines, but I need to use "\r\n" for an SSH pty for whatever reason.